dns: Reduce ttls
[sks-keyservers-pool.git] / sks-keyservers.net / overview-of-pools.php
blob 8e1f058690e4bb0a92d128768bf6dda5add147a7
<?php
/*
 * overview-of-pools.php
 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012 Kristian Fiskerstrand
 *
 * This file is part of SKS Keyserver Pool (http://sks-keyservers.net)
 *
 * The Author can be reached by electronic mail at kf@sumptuouscapital.com
 * Communication using OpenPGP is preferred - a copy of the public key 0x0B7F8B60E3EDFAE3
 * is available in all the common keyservers or in hkp://pool.sks-keyservers.net
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

// Page title and include path used by the shared header and footer templates.
$title = "Overview of the pools";
$dir = "./";
include($dir."inc/header.inc.php");
?>
<h1><?=$title;?></h1>
<p>The servers included in the pool responded during the last update, are
updated to the required minimum version of the software, and are synchronizing
with the rest of the network to update the keys. The pool only includes servers
running a reverse proxy rather than exposing sks directly to the clients.</p>

<p>hkp defaults to port 11371, and the same pool can be accessed using e.g.
http://pool.sks-keyservers.net:11371</p>

<h2 id="pool_main">pool.sks-keyservers.net</h2>
<p>The primary pool. This includes both A (IPv4) and AAAA (IPv6) records based
on a random selection of included servers.</p>

<h2 id="pool_eu">eu.pool.sks-keyservers.net</h2>
<p>European pool. This includes A (IPv4), AAAA (IPv6) and SRV records based on
the performance timing expressed in the SRV weights.</p>

<h3>Service (SRV) Records</h3>
<p>The pool <b>_pgpkey-http._tcp.eu.pool.sks-keyservers.net</b> contains
<a href="http://en.wikipedia.org/wiki/SRV_record">DNS Service (SRV)</a>
records with weights as found in the <a href="/status/">status list</a>.
For a description of how the weights are calculated, please see
<a href="/files/sks-keyservers-SRV.pdf">this PDF document</a>.</p>

<h2 id="pool_na">na.pool.sks-keyservers.net</h2>
<p>North American pool. This includes A (IPv4), AAAA (IPv6) and SRV records
based on the performance timing expressed in the SRV weights.</p>

<h3>Service (SRV) Records</h3>
<p>The pool <b>_pgpkey-http._tcp.na.pool.sks-keyservers.net</b> contains
<a href="http://en.wikipedia.org/wiki/SRV_record">DNS Service (SRV)</a>
records with weights as found in the <a href="/status/">status list</a>.
For a description of how the weights are calculated, please see
<a href="/files/sks-keyservers-SRV.pdf">this PDF document</a>.</p>

<h2 id="pool_oc">oc.pool.sks-keyservers.net</h2>
<p>Preliminary Oceania pool. Note that this pool currently does not have enough
measuring clients to be considered stable. This includes A (IPv4), AAAA (IPv6)
and SRV records based on the performance timing expressed in the SRV weights.</p>

<h3>Service (SRV) Records</h3>
<p>The pool <b>_pgpkey-http._tcp.oc.pool.sks-keyservers.net</b> contains
<a href="http://en.wikipedia.org/wiki/SRV_record">DNS Service (SRV)</a>
records with weights as found in the <a href="/status/">status list</a>.
For a description of how the weights are calculated, please see
<a href="/files/sks-keyservers-SRV.pdf">this PDF document</a>.</p>

<h2 id="pool_ipv6">ipv6.pool.sks-keyservers.net</h2>
<p>IPv6 enabled servers are included with AAAA records in the main pool, and
an IPv6-only pool is available at <b>ipv6.pool.sks-keyservers.net</b>.</p>

<h2 id="pool_ipv4">ipv4.pool.sks-keyservers.net</h2>
<p>Similarly, an IPv4-only pool is available at <b>ipv4.pool.sks-keyservers.net</b>
in case anyone has difficulties for some reason (broken IPv6).</p>

<h2 id="pool_subset">subset.pool.sks-keyservers.net</h2>
<p>This is a subset of the pool: at the moment it only includes servers updated
to version <a href="http://lists.nongnu.org/archive/html/sks-devel/2016-08/msg00000.html">1.1.6</a>.
This pool supports Elliptic Curve public keys as described in
<a href="http://tools.ietf.org/rfc/rfc6637.txt">RFC6637</a> and those based on Curve25519 (both Ed25519/EdDSA and for encryption).</p>

<h2 id="pool_ha">ha.pool.sks-keyservers.net</h2>
<p>This is a high-availability subset of the pool that requires all servers to
be identified as a clustered setup (marked with a blue indicator for reverse proxy
in <a href="/status/">the status pages</a>).</p>

<h2 id="pool_p80">p80.pool.sks-keyservers.net</h2>
<p>This is a pool containing only servers available on port 80 (needs to be
used as hkp://p80.pool.sks-keyservers.net:80).</p>

<h2 id="pool_hkps">hkps.pool.sks-keyservers.net</h2>
<p>This is a pool containing only servers available using hkps. Regular A,
AAAA and SRV records are included for port 443 servers, and a lookup is
performed for _pgpkey-https._tcp on the individual servers to determine if an
hkps enabled service is listening on another port. At this point, however,
servers not running on port 443 are not included.</p>
<p>This pool only includes servers that have been certified by the
sks-keyservers.net CA, whose certificate can be found at
<a href="https://sks-keyservers.net/sks-keyservers.netCA.pem">https://sks-keyservers.net/sks-keyservers.netCA.pem</a>
[<a href="https://sks-keyservers.net/sks-keyservers.netCA.pem.asc">OpenPGP signature</a>]
[<a href="https://sks-keyservers.net/ca/crl.pem">CRL</a>].</p>

<p>For GnuPG 1.4 and 2.0 installations this pool can be used by setting the
following parameters in gpg.conf:</p>
<p><pre>~/.gnupg/gpg.conf:
keyserver hkps://hkps.pool.sks-keyservers.net
keyserver-options ca-cert-file=/path/to/CA/sks-keyservers.netCA.pem</pre></p>

<p>Users of GnuPG 2.1 versions prior to 2.1.11 should add the following to dirmngr.conf (starting with 2.1.11 the certificate is enabled by default for this pool):</p>
<p><pre>~/.gnupg/dirmngr.conf:
hkp-cacert /path/to/CA/sks-keyservers.netCA.pem
</pre></p>
<p>Keyserver operators wanting to be included in this pool will have to send an
OpenPGP signed message containing a CSR to a UserID of
<a href="/pks/lookup?op=get&amp;search=0x94CBAFDD30345109561835AA0B7F8B60E3EDFAE3">0x94CBAFDD30345109561835AA0B7F8B60E3EDFAE3</a>.</p>

<h2 id="pool_tor">Tor hidden service</h2>
<p>An experimental Tor OnionBalance hidden service is running as <b>hkp://jirk5u4osbsr34t5.onion</b>, with the servers marked with Tor support in the <a href="/status/">status list</a> as backends.</p>
<?php
include($dir."/inc/footer.inc.php");
?>
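
A check for the GnuPG 1.4/2.0 `gpg.conf` settings described in the hkps section above, as an added example that is not part of the original file or of the sks-keyservers project: it parses a `gpg.conf` and reports when the hkps pool is configured without the pool CA, or when certificate checking is turned off. The function names and finding labels are hypothetical, the sample configurations are constructed, and `no-check-cert` is a GnuPG 1.4/2.0 keyserver option that the page itself does not mention.

```python
import re

HKPS_POOL = "hkps.pool.sks-keyservers.net"

def parse_gpg_conf(text):
    """Return (keyserver URLs, keyserver-options dict) from gpg.conf text."""
    keyservers, options = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        name, value = parts[0], parts[1] if len(parts) > 1 else ""
        if name == "keyserver":
            keyservers.append(value.strip())
        elif name == "keyserver-options":
            # Options are space- or comma-separated; "opt=arg" carries a value.
            for item in filter(None, re.split(r"[,\s]+", value)):
                opt, _, arg = item.partition("=")
                options[opt] = arg
    return keyservers, options

def audit_gpg_conf(text):
    """Return finding labels (hypothetical names) for a GnuPG 1.4/2.0 gpg.conf."""
    keyservers, options = parse_gpg_conf(text)
    findings = []
    for url in keyservers:
        scheme, _, rest = url.partition("://")
        host = rest.split("/", 1)[0].split(":", 1)[0].lower()
        if host.endswith("pool.sks-keyservers.net") and scheme.lower() != "hkps":
            findings.append("plaintext-transport")   # lookups are not TLS-protected
        if host == HKPS_POOL and scheme.lower() == "hkps" \
                and not options.get("ca-cert-file"):
            findings.append("missing-ca-cert-file")  # the pool uses its own CA
    if "no-check-cert" in options:
        findings.append("cert-check-disabled")       # TLS verification switched off
    return findings

# Constructed sample configurations (not taken from any real system).
GOOD = ("keyserver hkps://hkps.pool.sks-keyservers.net\n"
        "keyserver-options ca-cert-file=/path/to/CA/sks-keyservers.netCA.pem\n")
NO_CA = "keyserver hkps://hkps.pool.sks-keyservers.net\n"
NO_CHECK = NO_CA + "keyserver-options no-check-cert\n"
PLAIN = "# comment\nkeyserver hkp://pool.sks-keyservers.net\n"

if __name__ == "__main__":
    for name, conf in [("GOOD", GOOD), ("NO_CA", NO_CA),
                       ("NO_CHECK", NO_CHECK), ("PLAIN", PLAIN)]:
        print(name, audit_gpg_conf(conf))
```

The parser assumes option values contain no spaces, so a CA path with embedded whitespace would need quoting-aware handling.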